Use new clients in Azure credential provider

Pengfei Ni 2018-04-24 14:33:49 +08:00
parent 079f9b85f8
commit 471d00c929
3 changed files with 71 additions and 35 deletions


@ -16,7 +16,7 @@ go_library(
deps = [ deps = [
"//pkg/cloudprovider/providers/azure/auth:go_default_library", "//pkg/cloudprovider/providers/azure/auth:go_default_library",
"//pkg/credentialprovider:go_default_library", "//pkg/credentialprovider:go_default_library",
"//vendor/github.com/Azure/azure-sdk-for-go/arm/containerregistry:go_default_library", "//vendor/github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2017-10-01/containerregistry:go_default_library",
"//vendor/github.com/Azure/go-autorest/autorest:go_default_library", "//vendor/github.com/Azure/go-autorest/autorest:go_default_library",
"//vendor/github.com/Azure/go-autorest/autorest/adal:go_default_library", "//vendor/github.com/Azure/go-autorest/autorest/adal:go_default_library",
"//vendor/github.com/Azure/go-autorest/autorest/azure:go_default_library", "//vendor/github.com/Azure/go-autorest/autorest/azure:go_default_library",
@ -32,7 +32,7 @@ go_test(
srcs = ["azure_credentials_test.go"], srcs = ["azure_credentials_test.go"],
embed = [":go_default_library"], embed = [":go_default_library"],
deps = [ deps = [
"//vendor/github.com/Azure/azure-sdk-for-go/arm/containerregistry:go_default_library", "//vendor/github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2017-10-01/containerregistry:go_default_library",
"//vendor/github.com/Azure/go-autorest/autorest/to:go_default_library", "//vendor/github.com/Azure/go-autorest/autorest/to:go_default_library",
], ],
) )


@ -17,18 +17,20 @@ limitations under the License.
package azure package azure
import ( import (
"context"
"io" "io"
"io/ioutil" "io/ioutil"
"os" "os"
"time" "time"
"github.com/Azure/azure-sdk-for-go/arm/containerregistry" "github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2017-10-01/containerregistry"
"github.com/Azure/go-autorest/autorest" "github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/adal" "github.com/Azure/go-autorest/autorest/adal"
"github.com/Azure/go-autorest/autorest/azure" "github.com/Azure/go-autorest/autorest/azure"
"github.com/ghodss/yaml" "github.com/ghodss/yaml"
"github.com/golang/glog" "github.com/golang/glog"
"github.com/spf13/pflag" "github.com/spf13/pflag"
"k8s.io/kubernetes/pkg/cloudprovider/providers/azure/auth" "k8s.io/kubernetes/pkg/cloudprovider/providers/azure/auth"
"k8s.io/kubernetes/pkg/credentialprovider" "k8s.io/kubernetes/pkg/credentialprovider"
) )
@ -48,9 +50,46 @@ func init() {
}) })
} }
func getContextWithCancel() (context.Context, context.CancelFunc) {
return context.WithCancel(context.Background())
}
// RegistriesClient is a testable interface for the ACR client List operation. // RegistriesClient is a testable interface for the ACR client List operation.
type RegistriesClient interface { type RegistriesClient interface {
List() (containerregistry.RegistryListResult, error) List(ctx context.Context) ([]containerregistry.Registry, error)
}
// azRegistriesClient implements RegistriesClient.
type azRegistriesClient struct {
client containerregistry.RegistriesClient
}
func newAzRegistriesClient(subscriptionID, endpoint string, token *adal.ServicePrincipalToken) *azRegistriesClient {
registryClient := containerregistry.NewRegistriesClient(subscriptionID)
registryClient.BaseURI = endpoint
registryClient.Authorizer = autorest.NewBearerAuthorizer(token)
return &azRegistriesClient{
client: registryClient,
}
}
func (az *azRegistriesClient) List(ctx context.Context) ([]containerregistry.Registry, error) {
iterator, err := az.client.ListComplete(ctx)
if err != nil {
return nil, err
}
result := make([]containerregistry.Registry, 0)
for ; iterator.NotDone(); err = iterator.Next() {
if err != nil {
return nil, err
}
result = append(result, iterator.Value())
}
return result, nil
} }
// NewACRProvider parses the specified configFile and returns a DockerConfigProvider // NewACRProvider parses the specified configFile and returns a DockerConfigProvider
@ -128,26 +167,24 @@ func (a *acrProvider) Enabled() bool {
return false return false
} }
registryClient := containerregistry.NewRegistriesClient(a.config.SubscriptionID) a.registryClient = newAzRegistriesClient(a.config.SubscriptionID, a.environment.ResourceManagerEndpoint, a.servicePrincipalToken)
registryClient.BaseURI = a.environment.ResourceManagerEndpoint
registryClient.Authorizer = autorest.NewBearerAuthorizer(a.servicePrincipalToken)
a.registryClient = registryClient
return true return true
} }
func (a *acrProvider) Provide() credentialprovider.DockerConfig { func (a *acrProvider) Provide() credentialprovider.DockerConfig {
cfg := credentialprovider.DockerConfig{} cfg := credentialprovider.DockerConfig{}
ctx, cancel := getContextWithCancel()
defer cancel()
glog.V(4).Infof("listing registries") glog.V(4).Infof("listing registries")
res, err := a.registryClient.List() result, err := a.registryClient.List(ctx)
if err != nil { if err != nil {
glog.Errorf("Failed to list registries: %v", err) glog.Errorf("Failed to list registries: %v", err)
return cfg return cfg
} }
for ix := range *res.Value { for ix := range result {
loginServer := getLoginServer((*res.Value)[ix]) loginServer := getLoginServer(result[ix])
var cred *credentialprovider.DockerConfigEntry var cred *credentialprovider.DockerConfigEntry
if a.config.UseManagedIdentityExtension { if a.config.UseManagedIdentityExtension {
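Review bot: `getContextWithCancel()` returns a context with no deadline, so as far as this section shows the `a.registryClient.List(ctx)` call in `Provide()` has no time bound of its own, while `ListComplete` now walks every page of the subscription's registries. If the Resource Manager endpoint stalls, credential lookup stalls with it; a deadline would turn that into a logged error, e.g. `return context.WithTimeout(context.Background(), listRegistriesTimeout)`, where `listRegistriesTimeout` is a new package constant (the name is only a suggestion; `time` is already imported). In `azRegistriesClient.List` the error from `iterator.Next()` is examined only on the following loop pass, so it is reported only if `NotDone()` is still true after a failed page fetch; checking it directly after `Next()` would not depend on that iterator behaviour. The body of `Provide()` continues past the end of the hunk.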


@ -18,17 +18,18 @@ package azure
import ( import (
"bytes" "bytes"
"context"
"testing" "testing"
"github.com/Azure/azure-sdk-for-go/arm/containerregistry" "github.com/Azure/azure-sdk-for-go/services/containerregistry/mgmt/2017-10-01/containerregistry"
"github.com/Azure/go-autorest/autorest/to" "github.com/Azure/go-autorest/autorest/to"
) )
type fakeClient struct { type fakeClient struct {
results containerregistry.RegistryListResult results []containerregistry.Registry
} }
func (f *fakeClient) List() (containerregistry.RegistryListResult, error) { func (f *fakeClient) List(ctx context.Context) ([]containerregistry.Registry, error) {
return f.results, nil return f.results, nil
} }
@ -38,25 +39,23 @@ func Test(t *testing.T) {
"aadClientId": "foo", "aadClientId": "foo",
"aadClientSecret": "bar" "aadClientSecret": "bar"
}` }`
result := containerregistry.RegistryListResult{ result := []containerregistry.Registry{
Value: &[]containerregistry.Registry{ {
{ Name: to.StringPtr("foo"),
Name: to.StringPtr("foo"), RegistryProperties: &containerregistry.RegistryProperties{
RegistryProperties: &containerregistry.RegistryProperties{ LoginServer: to.StringPtr("foo-microsoft.azurecr.io"),
LoginServer: to.StringPtr("foo-microsoft.azurecr.io"),
},
}, },
{ },
Name: to.StringPtr("bar"), {
RegistryProperties: &containerregistry.RegistryProperties{ Name: to.StringPtr("bar"),
LoginServer: to.StringPtr("bar-microsoft.azurecr.io"), RegistryProperties: &containerregistry.RegistryProperties{
}, LoginServer: to.StringPtr("bar-microsoft.azurecr.io"),
}, },
{ },
Name: to.StringPtr("baz"), {
RegistryProperties: &containerregistry.RegistryProperties{ Name: to.StringPtr("baz"),
LoginServer: to.StringPtr("baz-microsoft.azurecr.io"), RegistryProperties: &containerregistry.RegistryProperties{
}, LoginServer: to.StringPtr("baz-microsoft.azurecr.io"),
}, },
}, },
} }
@ -71,8 +70,8 @@ func Test(t *testing.T) {
creds := provider.Provide() creds := provider.Provide()
if len(creds) != len(*result.Value) { if len(creds) != len(result) {
t.Errorf("Unexpected list: %v, expected length %d", creds, len(*result.Value)) t.Errorf("Unexpected list: %v, expected length %d", creds, len(result))
} }
for _, cred := range creds { for _, cred := range creds {
if cred.Username != "foo" { if cred.Username != "foo" {
@ -82,7 +81,7 @@ func Test(t *testing.T) {
t.Errorf("expected 'bar' for password, saw: %v", cred.Username) t.Errorf("expected 'bar' for password, saw: %v", cred.Username)
} }
} }
for _, val := range *result.Value { for _, val := range result {
registryName := getLoginServer(val) registryName := getLoginServer(val)
if _, found := creds[registryName]; !found { if _, found := creds[registryName]; !found {
t.Errorf("Missing expected registry: %s", registryName) t.Errorf("Missing expected registry: %s", registryName)
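Review bot: `fakeClient.List` always returns a nil error, so the test never covers the path where listing registries fails and `Provide()` is expected to hand back an empty config with no credentials. Giving the fake an `err error` field and ending `List` with `return f.results, f.err` would let a second case assert `len(creds) == 0` on failure. Separately, the context line `t.Errorf("expected 'bar' for password, saw: %v", cred.Username)` prints the username in a password message; the guard sits above the hunk, but it presumably compares `cred.Password`, which is what the message should print.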